Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 9 August 2005 The advisory text has been updated to show that this update fixed...
Microsoft Word Unspecified Document File Buffer Overflow Vulnerability
Description Microsoft Word is affected by a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data. Microsoft has not specified exactly where the error may occur. This could result in execution of arbitrary code in the...
iso9660handler.txt
Good morning, There appears to be a fair number of kernel-level range checking flaws in ISO9660 filesystem handler and Rock Ridge / Juliet extensions in Linux up to and including 2.6.11. These bugs range from DoS conditions to potentially exploitable memory corruption - all this whenever a...
CVE-2005-0815
CVE-2005-0815 affects the Linux kernel iso9660 filesystem handler in versions up to 2.6.11 (and earlier). The issue is described as multiple range-checking flaws in the ISO-9660 file system code, which could be triggered by mounting a crafted/corrupted ISO image on CD-ROM. Impact stated in connec...
CVE-2005-0815
Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem...
McAfee AntiVirus buffer overflow
Buffer overflow on LHA archives antiviral checking...
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Checksum Buffer Overflow
Computer Associates License Client/Server GCR Checksum Buffer Overflow iDEFENSE Security Advisory 03.02.05 www.idefense.com/application/poi/display?id=215&type=vulnerabilities March 2, 2005 I. BACKGROUND The Computer Associates License Client/Server applications provide a method for CA products t...
libexif -- buffer overflow vulnerability
Sylvain Defresne reports that libexif is vulnerable to a buffer overflow vulnerability due to insufficient input checking. This could lead to a crash of applications using libexif...
XSLT can include stylesheets from arbitrary hosts — Mozilla
xsl:include and xsl:import can include XSLT stylesheets from arbitrary domains including those behind the user's firewall. This at least allows for existence checking of these files; it's not clear how much, if any, data could be extracted from arbitrary XML files...
USN-82-1: Linux kernel vulnerabilities
CAN-2004-0176: Michael Kerrisk noticed an insufficient permission checking in the shmctl function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the RLIMIT_MEMLOCK limit that is the maximum size of shared memory that unprivileged users can acquire...
Important: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that correct various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. A flaw in the LOAD command in PostgreSQL was discovered. A local user could use...
Important: Red Hat Security Advisory: rh-postgresql security update
Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 3. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw in the LOAD command in PostgreSQL was discovered. A local user could use this flaw to load arbitrary shar...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other protocols, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains several...
CVE-2005-0132: newsfetch NNTP responses buffer overflow
Affected software: newsfetch (FreeBSD ports). Vulnerability: buffer overflow in handling NNTP server responses due to using sscanf without proper bounds checking, enabling overflow on long LIST responses. Impact (as stated): crash or potential arbitrary code execution on the system. Exploitation ...
CVE-2005-0065
The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specifi...
newsfetch -- server response buffer overflow vulnerability
The newsfetch program uses the sscanf function to read information from server responses into static memory buffers. Unfortunately this is done without any proper bounds checking. As a result long server responses may cause an overflow when a newsgroup listing is requested from an NNTP server...
SB2005002: pron to bypass APF checking uid(0) routine
SB2005002: pron to bypass APF checking uid(0) routine. Date: 01-13-2005. Author: [email protected]/jyj9782. Affected Version: apf-0.9.4-7 current at this time. Summary...
xpdf -- makeFileKey2() buffer overflow vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability specifically exists due to insufficient...
Microsoft Internet Explorer directory traversal
.. in filename is not checked...
CVE-2004-2661
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code)...